Author

Topic: How do you prefer to log in? (Read 9490 times)

legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
June 08, 2015, 10:24:44 PM
#45

Mycelium and, I believe, Trezor now support BitID.
https://github.com/bitid/bitid
legendary
Activity: 2730
Merit: 1034
Needs more jiggawatts
May 16, 2015, 06:12:03 PM
#44
facebook

Please vote in the poll at the top of the page. Still zero votes for Facebook.

Open ID is easy enough, but I do think that two factor adds security although its inconvenient at times.. Bitminter user (Bitvest)

Two factor does help security some.

How to turn on two-factor authentication for some OpenID providers: https://bitcointalksearch.org/topic/m.4892396
newbie
Activity: 6
Merit: 0
May 14, 2015, 09:36:50 PM
#43
Open ID is easy enough, but I do think that two factor adds security although its inconvenient at times..
newbie
Activity: 11
Merit: 0
March 14, 2015, 06:16:02 PM
#42
facebook
legendary
Activity: 4634
Merit: 1851
Linux since 1997 RedHat 4
February 24, 2015, 06:29:23 PM
#41
On my pool ~20% of the active miners are address based, so yeah certainly allowing both address based and login account based is pretty much mandatory IMO.
full member
Activity: 124
Merit: 100
February 24, 2015, 05:18:21 AM
#40
Can't believe FB is listed as an option.....that's a joke right?  Cheesy

I couldn't agree more.  Wink

Personally I like an aesthetically pleasing and practical interface therefore wallet address systems are out, login or public platforms.

Everyone knows how to create a username and password so why change something that works. Add a little 2FA for security and your set.

Name and password + second factor all the way, typically with Google Auth or SMS.

newbie
Activity: 1
Merit: 0
February 23, 2015, 05:45:53 PM
#39
No complex centralized login needed (username/password as payout address, is a nice safe decentralized solution) don't think the entire website need to be public cause of that)
- that got my 2 cents, all day long.

Why use centralized controls when you don´t need to?
and for all who don't like to use centralized US tracking services it would be nice to at least have this option ..

Keep up the good work fellow Northman.

PS: don't eat to much Haribo...  not all dentists take BTC :-)
hero member
Activity: 518
Merit: 500
Hodl!
January 19, 2015, 04:39:03 PM
#38
That's a great solution if you've got a reasonable amount of power, but for some of us, payments would be a bit dusty.
member
Activity: 60
Merit: 10
January 19, 2015, 03:54:55 PM
#37

IMO best option would be "No login (user name is payout address, entire website is public)". Why would a user need to login if there is no need to withdraw manually?. Just set an automatic payment (similar to Eligius) and make all stats public.

donator
Activity: 2058
Merit: 1007
Poor impulse control.
January 19, 2015, 03:37:22 PM
#36
If it raises your hackles to use "google" anything, see alternative implementations of authenticator in this version of the wiki article (current, but some wikidiot keeps removing the 3rd party stuff periodically) http://en.wikipedia.org/w/index.php?title=Google_Authenticator&oldid=643155923

Links are provided in the cite notes/references.

No, I'm fine with Google products generally, just not authenticator. Much prefer to use a Yubikey.
hero member
Activity: 518
Merit: 500
Hodl!
January 19, 2015, 12:51:53 PM
#35
If it raises your hackles to use "google" anything, see alternative implementations of authenticator in this version of the wiki article (current, but some wikidiot keeps removing the 3rd party stuff periodically) http://en.wikipedia.org/w/index.php?title=Google_Authenticator&oldid=643155923

Links are provided in the cite notes/references.
donator
Activity: 2058
Merit: 1007
Poor impulse control.
January 19, 2015, 07:55:50 AM
#34
I like 2fa, but only of the yubikey type. I really don't want to use Google authenticator.

newbie
Activity: 68
Merit: 0
January 16, 2015, 10:14:02 AM
#33
user name and password, with 2fa (or email confirmation) for critical events, such as change email, change address, manual withdrawals and change of perks/donations
hero member
Activity: 518
Merit: 500
Hodl!
January 05, 2015, 09:06:51 PM
#32
Yahoo OpenID was unstable for a while, maybe an hour of downtime per week. Then they crashed hard and their OpenID server was down for 3-4 days. I believe Yahoo mail was down at the same time. This came as a surprise as I had not expected Yahoo to be this unstable and take that long to fix their broken servers.

Yes, yahoo started to deteriorate all over in the first half of last year, I thought they were circling the drain, but all of a sudden, things started working right again. I maybe only get 1 in 3 mails sent to my old yahoo mail accounts though.
legendary
Activity: 1551
Merit: 1002
♠ ♥ ♣ ♦ < ♛♚&#
January 05, 2015, 07:38:11 PM
#31
Voted!
Quote
Name and password + second factor (Google auth, Yubikey, etc)
legendary
Activity: 1143
Merit: 1000
January 05, 2015, 07:36:05 PM
#30
I would really like to use google authenticator, dont know why it was not implemented already..
legendary
Activity: 1610
Merit: 1000
January 03, 2015, 04:12:33 AM
#29
OpenID Wink
sgk
legendary
Activity: 1470
Merit: 1002
!! HODL !!
January 01, 2015, 03:32:58 AM
#28
How would you prefer to log in at your mining pool's website?

Please take part in the poll above.

I prefer to use BTC payment address as username. Site should be publicly open.
Security can't get better than this. There's no password to hack - you mine on your BTC address, period.

And the side benefit is, you don't have to create accounts on numerous pools, remember them all and also worry about getting one of them hacked.
newbie
Activity: 11
Merit: 0
January 01, 2015, 02:48:50 AM
#27
Name and password
newbie
Activity: 5
Merit: 0
December 29, 2014, 01:27:44 AM
#26
Name and password + second factor (Google auth, Yubikey, etc)
I like authy but that's a personal pref. I like having the second security layer.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
December 22, 2014, 01:24:04 PM
#25
User + Password + 2FA, and the site should have "remember this user+password" so I will actually type only the 2FA.
newbie
Activity: 4
Merit: 0
December 22, 2014, 01:10:16 PM
#24
Name and Password
sr. member
Activity: 378
Merit: 250
December 21, 2014, 08:40:41 AM
#23
I'd personally use Google auth if possible (and passwords with capital and numbers).
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
December 21, 2014, 08:37:48 AM
#22
Have you considered sqrl login technology? see below:

https://www.grc.com/sqrl/sqrl.htm

I had forgotten about this. It looks very interesting and much more secure than other 2FA solutions. But are there mobile apps implementing this? Are any sites using it? Are people willing to scan a QR code every time they need to log in? [...]

Yes, that'd be great!

Android app:
https://play.google.com/store/apps/details?id=net.vrallev.android.sqrl

legendary
Activity: 2730
Merit: 1034
Needs more jiggawatts
December 21, 2014, 08:06:13 AM
#21
As someone who runs a pool, and has done a damn good job doing so, which do you prefer?

Thank you Smiley

As a user I find OpenID very quick and convenient.

As someone running a website, OpenID for the most part works fine. I don't need to store password hashes. I also don't have to deal with lost password issues, but on the other hand of course there are people who got banned from Google or otherwise lost access to their OpenID account who need help.

Over the 3.5 years there have been some negative experiences:

Some people write me angry notes saying I am trying to force them to register at Google and Yahoo to help the NSA and big corporations spy on them.

myopenid.net shut down with 6 months notice. Most people switched in time and it wasn't so bad. Only about 5 people didn't, and needed help to recover access to their Bitminter account.

A korean OpenID identity provider whose name I forget suddenly shut down (without notice as far as I know). Their entire website was replaced by a single page with text in korean saying something like "thanks for the good times. we shut down now. goodbye." If I recall correctly the text was an image too, so it was more difficult to get it translated with Google translate.

Blogger/blogspot has always been very unreliable. Their OpenID server is down half the time. There is no customer support available in any fashion. I didn't want to remove them from the login page because some users are using them and it will make it more difficult for them to log in without the blogspot button. Instead I put a warning not to use blogger/blogspot.

A few sites use OpenID implementations that apparently don't work well with the one I use, so you can't log in using those sites.

Yahoo OpenID was unstable for a while, maybe an hour of downtime per week. Then they crashed hard and their OpenID server was down for 3-4 days. I believe Yahoo mail was down at the same time. This came as a surprise as I had not expected Yahoo to be this unstable and take that long to fix their broken servers. Probably close to 1000 active Bitminter users were locked out of their accounts because of this. Too many to do manual account recovery for them all. I started working on an automated process, but then Yahoo finally got their act together and fixed the problem. Some users blamed me and left the pool. While it is not my fault that Yahoo is unreliable, it is my fault that I chose to rely on external services.

The latest problem now is that Google will not just be implementing the new OpenID Connect. They will also shut down the old OpenID 2.0 servers. So now all websites have to change their software if they want to keep Google logins. OpenID Connect is the new version of OpenID.
newbie
Activity: 28
Merit: 0
December 15, 2014, 02:41:21 AM
#20
I prefer the convenience of Google login. I set the payout threshold such that it wouldn't be that big a deal even if it was hacked so it's sufficiently secure for me as is.

I do not like the payout address as user method as without an actual account it doesn't feel like I belong to anything.  It would also make perks very difficult to implement.

Aaron
hero member
Activity: 616
Merit: 500
BTC=1GjeqWFLc4TBDg3bwdQk9ZWnEoNPCT9t6G
December 11, 2014, 09:35:31 PM
#19
user name + password
hero member
Activity: 742
Merit: 500
December 10, 2014, 12:59:48 PM
#18
bitcoin wallet!
facebook? google? are u grazy!!! Shocked
legendary
Activity: 2730
Merit: 1034
Needs more jiggawatts
December 10, 2014, 12:00:18 PM
#17
Have you considered sqrl login technology? see below:

https://www.grc.com/sqrl/sqrl.htm

I had forgotten about this. It looks very interesting and much more secure than other 2FA solutions. But are there mobile apps implementing this? Are any sites using it? Are people willing to scan a QR code every time they need to log in?

The problem with many other 2FA solutions:

Most 2FA solutions give you a one-time password on a separate device that you then type into your computer. There is a belief by a lot of users that this makes hacking impossible.

Let's review this. In many cases if you get hacked it's because someone (through a trojan or other malware) took over control of your computer. They are now looking at you through your camera, listening to you through your microphone, taking screenshots of your desktop to see what you are doing.. and they are recording every keystroke you make. When you type your one-time passwords into a compromised computer like this, you are essentially giving them to the hacker.

I wish more people would accept that..
  • A one-time password/code typed into a compromised computer won't save you
  • A compromised computer can become yours again, but you need to reformat your drive and reinstall the operating system from a clean source

Although if the hacker installed malware on the firmware of your laptop battery then you may wish to just burn the computer.
hero member
Activity: 518
Merit: 500
Hodl!
December 10, 2014, 08:21:10 AM
#16
user/pass and CHOICE of second factor, google auth, SMS etc.

Google authentication is an algorithm btw and has been independently implemented, no need to trust google. You can pick up an old windows mobile device for $10 or less, put auth software on it, use it as entirely offline hardware key, etc.
legendary
Activity: 1638
Merit: 1005
December 09, 2014, 01:20:22 PM
#15
Voted for the OPENID, but i'm all good with login/pass + second factor (SMS)

Thanks Doc ! Smiley
newbie
Activity: 21
Merit: 0
December 08, 2014, 11:06:50 PM
#14
I prefer OpenID with Google.  I have Google set up to provide an SMS 2FA, if I am logging in from s new device.  This is quite convenient as I log in on multiple devices (iPhone, iPad and desktop) multiple times per day.  All of my devices are heavily secured as well.
hero member
Activity: 924
Merit: 1000
Watch out for the "Neg-Rep-Dogie-Police".....
December 08, 2014, 12:57:29 PM
#13
Can't believe FB is listed as an option.....that's a joke right?  Cheesy
hero member
Activity: 644
Merit: 500
December 08, 2014, 06:36:51 AM
#12
Username+Password+2 way factor google authenticator
full member
Activity: 140
Merit: 100
December 07, 2014, 10:57:03 PM
#11
i prefer my payout address + phone authentication  Cool
sr. member
Activity: 294
Merit: 250
December 07, 2014, 10:17:31 PM
#10
The OpenID Connect, just seems to be Google+, I still don't like Google+.
hero member
Activity: 857
Merit: 1000
Anger is a gift.
December 07, 2014, 09:47:34 PM
#9
How would you prefer to log in at your mining pool's website?

Please take part in the poll above.

Better question.

As someone who runs a pool, and has done a damn good job doing so, which do you prefer?
newbie
Activity: 2
Merit: 0
December 07, 2014, 08:29:20 PM
#8
I like the open ID for most things due to it being fast and easy, however a password/txt msg code/ or some other thing would be good for the changing of settings/sending payments.
hero member
Activity: 857
Merit: 1000
Anger is a gift.
December 07, 2014, 06:06:24 PM
#7
I prefer using my payout address. 2FA with UN and PW is not a bad way, payout address just seems easier for everyone.
newbie
Activity: 4
Merit: 0
December 07, 2014, 05:01:39 PM
#6
Google open id is the quickest. It saves me time logging in...I log-in multiple times per day. Email log-in would also be ok. I do use authy. Have you considered sqrl login technology? see below:

https://www.grc.com/sqrl/sqrl.htm
newbie
Activity: 40
Merit: 0
December 07, 2014, 03:16:28 PM
#5
Either two factor or Google auth.

I have a strong dislike of "just use your wallet address" pools - I trust it a bit more when I have an actual account.
legendary
Activity: 2483
Merit: 1482
-> morgen, ist heute, schon gestern <-
December 07, 2014, 05:58:16 AM
#4
Payoutadress as Name & Password, i think.
I don't get Facebook (never!) just for login.

NB: Gummibären für immer ;-), und Schnecken natürlich. Tongue
legendary
Activity: 1302
Merit: 1001
December 06, 2014, 08:57:29 PM
#3
ID/Password with Second factor with a text code sent to my cell phone.
legendary
Activity: 1344
Merit: 1024
Mine at Jonny's Pool
December 06, 2014, 08:27:04 PM
#2
I run my own p2pool node, so there is no need for a login.  However, if I were to run a more conventional pool, I would certainly want to have a username/password in conjunction with 2fa.
legendary
Activity: 2730
Merit: 1034
Needs more jiggawatts
December 06, 2014, 08:10:33 PM
#1
How would you prefer to log in at your mining pool's website?

Please take part in the poll above.
Jump to: